Irregular Expressions

Jul 26 2010   3:24PM GMT

CVE-2009-3555 Cisco update

Dan O'Connor

http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

This is something I covered at the start of the year; I just noticed today that Cisco has updated their advisory for the vulnerability with patch information and additional products.

This was the issue that could allow a malicious user to use renegotiation in SSL / TLS to perform a MITM (man-in-the-middle) attack on secure sessions.

I created somewhat of an explanation from a variety of sources; you can read it here: http://itknowledgeexchange.techtarget.com/Irregular-Expressions/ssl-tls-renegotiation/

It’s a pretty interesting attack; the RFC has excellent information about renegotiation and why the protocol has the ability to do it. Also, I think there is a payload in Metasploit to test it out; if there is not, I know it’s out there if you look.
